* Security Working Group meeting - Wednesday March 16
@ 2022-03-16 2:45 Joseph Reynolds
2022-03-16 17:51 ` Security Working Group meeting - Wednesday March 16 - results Joseph Reynolds
0 siblings, 1 reply; 6+ messages in thread
From: Joseph Reynolds @ 2022-03-16 2:45 UTC (permalink / raw)
To: openbmc
This is a reminder of the OpenBMC Security Working Group meeting
scheduled for this Wednesday March 16 at 10:00am PDT.
We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
and anything else that comes up:
1. Please review the phosphor audit design
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023
<https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023>
Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
<https://github.com/openbmc/openbmc/wiki/Security-working-group>
- Joseph
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Security Working Group meeting - Wednesday March 16 - results
2022-03-16 2:45 Security Working Group meeting - Wednesday March 16 Joseph Reynolds
@ 2022-03-16 17:51 ` Joseph Reynolds
2022-03-16 19:45 ` Michael Richardson
2022-03-16 23:21 ` Security Working Group meeting - Wednesday March 16 - results Patrick Williams
0 siblings, 2 replies; 6+ messages in thread
From: Joseph Reynolds @ 2022-03-16 17:51 UTC (permalink / raw)
To: openbmc
On 3/15/22 9:45 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday March 16 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI>,
> and anything else that comes up:
>
Attended: Joseph, Ratan, James, Mark, Daniil, Dhananjay, Dick, Jiang
1 Please review the phosphor audit design
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023
<https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023>and related
code under https://github.com/openbmc/phosphor-logging
<https://github.com/openbmc/phosphor-logging>directory phosphor-audit.
IBM is interested in working on this.
We also discussed encrypting data like logs, and storing keys in a vault
/ trust zone / TPM.
See also encrypted volume https://github.com/openbmc/estoraged
<https://github.com/openbmc/estoraged>
2 CNA work update
James is working on the OpenBMC vulnerability backlog. First
transferring each one to our private github issues database together
with its reserved CVE. James will share JSON-formatted CVEs with the
security response team (SRT). Currently working to upload/submit CVEs
to mitre. (Note these are not yet public.)
Helpful tools: formatted vulnerabilities using vulnogram. Use
Redhat’s Cvelib Python-based tool
TODO: Joseph and Dhananjay (as the OpenBMC CNAs): get credentials from
mitre to allow you to create CVEs.
-Joseph
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Security Working Group meeting - Wednesday March 16 - results
2022-03-16 17:51 ` Security Working Group meeting - Wednesday March 16 - results Joseph Reynolds
@ 2022-03-16 19:45 ` Michael Richardson
2022-03-18 22:23 ` Security Working Group meeting - Wednesday March 16 - results - audit log handling Joseph Reynolds
2022-03-16 23:21 ` Security Working Group meeting - Wednesday March 16 - results Patrick Williams
1 sibling, 1 reply; 6+ messages in thread
From: Michael Richardson @ 2022-03-16 19:45 UTC (permalink / raw)
To: Joseph Reynolds; +Cc: openbmc
[-- Attachment #1: Type: text/plain, Size: 1147 bytes --]
Joseph Reynolds <jrey@linux.ibm.com> wrote:
> We also discussed encrypting data like logs, and storing keys in a
> vault / trust zone / TPM.
Wouldn't it make most sense to encrypt them *to* an asymmetric (public) key that is
not on the BMC? Or one can send them over encrypted syslog, or netconf to
another server for safe keeping.
Or are you thinking that you need to sign the logs?
If the key is stored locally, even in a TPM, and the point is to be able to
review logs locally, then the logs need to get decrypted, and that means that
the key needs to be enabled/opened/activated locally, and which point,
if there was a compromised system, the bad guy wins.
I guess I wonder what the goals are here.
> See also encrypted volume https://github.com/openbmc/estoraged
> <https://github.com/openbmc/estoraged>
Same issue: where is the key stored?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 658 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Security Working Group meeting - Wednesday March 16 - results
2022-03-16 17:51 ` Security Working Group meeting - Wednesday March 16 - results Joseph Reynolds
2022-03-16 19:45 ` Michael Richardson
@ 2022-03-16 23:21 ` Patrick Williams
2022-03-18 22:49 ` Joseph Reynolds
1 sibling, 1 reply; 6+ messages in thread
From: Patrick Williams @ 2022-03-16 23:21 UTC (permalink / raw)
To: Joseph Reynolds; +Cc: openbmc
[-- Attachment #1: Type: text/plain, Size: 679 bytes --]
On Wed, Mar 16, 2022 at 12:51:11PM -0500, Joseph Reynolds wrote:
> 1 Please review the phosphor audit design
> https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023
> <https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023>and related
> code under https://github.com/openbmc/phosphor-logging
> <https://github.com/openbmc/phosphor-logging>directory phosphor-audit.
>
> IBM is interested in working on this.
Was there any feedback on the design? The current proposal seems very
foundational, like phosphor-logging itself, so I want to make sure we have broad
consensus on it before we invest a lot of effort in this approach.
--
Patrick Williams
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Security Working Group meeting - Wednesday March 16 - results - audit log handling
2022-03-16 19:45 ` Michael Richardson
@ 2022-03-18 22:23 ` Joseph Reynolds
0 siblings, 0 replies; 6+ messages in thread
From: Joseph Reynolds @ 2022-03-18 22:23 UTC (permalink / raw)
To: Michael Richardson, Patrick Williams; +Cc: openbmc
On 3/16/22 2:45 PM, Michael Richardson wrote:
> Joseph Reynolds <jrey@linux.ibm.com> wrote:
> > We also discussed encrypting data like logs, and storing keys in a
> > vault / trust zone / TPM.
>
> Wouldn't it make most sense to encrypt them *to* an asymmetric (public) key that is
> not on the BMC? Or one can send them over encrypted syslog, or netconf to
> another server for safe keeping.
> Or are you thinking that you need to sign the logs?
>
> If the key is stored locally, even in a TPM, and the point is to be able to
> review logs locally, then the logs need to get decrypted, and that means that
> the key needs to be enabled/opened/activated locally, and which point,
> if there was a compromised system, the bad guy wins.
>
> I guess I wonder what the goals are here.
Goals? We didn't mention any goals, and the discussion about encryption
was lighthearted and introductory.
I had not thought past storing the audit log on the BMC, and realizing
that it should be encrypted or streamed off the BMC.
I agree that using symmetric keys is not a good idea.
I'll ask my requirement providers what their needs are in this space.
- Joseph
>
> > See also encrypted volume https://github.com/openbmc/estoraged
> > <https://github.com/openbmc/estoraged>
>
> Same issue: where is the key stored?
same
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Security Working Group meeting - Wednesday March 16 - results
2022-03-16 23:21 ` Security Working Group meeting - Wednesday March 16 - results Patrick Williams
@ 2022-03-18 22:49 ` Joseph Reynolds
0 siblings, 0 replies; 6+ messages in thread
From: Joseph Reynolds @ 2022-03-18 22:49 UTC (permalink / raw)
To: Patrick Williams; +Cc: openbmc
On 3/16/22 6:21 PM, Patrick Williams wrote:
> On Wed, Mar 16, 2022 at 12:51:11PM -0500, Joseph Reynolds wrote:
>
>> 1 Please review the phosphor audit design
>> https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023
>> <https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/46023>and related
>> code under https://github.com/openbmc/phosphor-logging
>> <https://github.com/openbmc/phosphor-logging>directory phosphor-audit.
>>
>> IBM is interested in working on this.
> Was there any feedback on the design? The current proposal seems very
> foundational, like phosphor-logging itself, so I want to make sure we have broad
> consensus on it before we invest a lot of effort in this approach.
I liked it, and I just added a comment!
Joseph
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-03-18 22:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-16 2:45 Security Working Group meeting - Wednesday March 16 Joseph Reynolds
2022-03-16 17:51 ` Security Working Group meeting - Wednesday March 16 - results Joseph Reynolds
2022-03-16 19:45 ` Michael Richardson
2022-03-18 22:23 ` Security Working Group meeting - Wednesday March 16 - results - audit log handling Joseph Reynolds
2022-03-16 23:21 ` Security Working Group meeting - Wednesday March 16 - results Patrick Williams
2022-03-18 22:49 ` Joseph Reynolds
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.